PUBLIC MARKS with tag ssh

July 2007

ctail is a tool for running tail(1) across large clusters of machines with many log files. It relies on the existing SSH authentication infrastructure rather than introducing central points of log collection or other large infrastructure changes, which aren't easily made in many systems.

This project is devoted to demonstrating a weakness of public key encryption against an active sniffer, in the form of a man-in-the-middle style attack that essentially "taps" the connection of a machine and allows the attacker to view the contents of future encrypted sessions.